Hi all,
I have a web site that I'm serving on an Apache server, and it has a number of different folders, but I only want the user to be able to access certain ones -- the majority of them I don't want the user to access. I tried modifying my /etc/apache2/conf.d/security file to do this, but I can't figure out why it's not working.
And before anyone asks, yes, I did restart apache, both with apachectl restart and service apache2 restart. 
Anyway, my security file looks like this:
# Root directory
<Directory /var/www>
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>
# Directory I want the user to access
<Directory /var/www/mysite>
AllowOverride None
Order Allow,Deny
Allow from all
</Directory>
# Other directories for the user to access down here
This seems like it should work, based on a lot of Googling, but I'm still getting access to all my folders from the browser, and access to folder indexes, which I don't want in any folder, regardless of whether it can be seen in the browser.
Can anyone point me in the right direction about what I'm doing wrong, please?
Thanks,
Zel2008